can I use a cookie or session object in my mobile website to control login from a PHP page?

Yes.

Mobile phones use web browsers which generally support cookies (unless the phone is really old), so a cookie based login shouldn't be a problem.

Keep in mind that some networks or transcoding proxies of networks may block cookies. it would be better to use url based session state if you care about every visitor.

Thought I would update this as it came up on a search I did for my report on mobile websites

with HTML5 you can also use localStorage as stated by w3schoo which is sported by IE8+ and the rest